In many organizations, IT security and development teams have very different mandates. For example, according to the SANS Institute's 2015 State of Application Security: Closing the Gap, while software builders focus on lowering their time to market and feature lists, application defenders worry about fully identifying all apps in their corporate portfolios to effectively address security...

Corporate cybersecurity risk is drawing federal attention: According to the Wall Street Journal, the US Securities and Exchange Commission now mandates that companies report "cybersecurity risks that could affect the business or its registrants materially" on their 10-K statements. The SEC wants businesses to err on the side of full disclosure, but for many organizations, even...

The cloud. Mobile devices. High-availability networks. These and other technological advances have empowered users to work with greater efficiency and with lower spend, but they come with an unintended side effect: the consumerization of IT.
Where employees once leaned on IT admins to troubleshoot any problems or install new software, they're now able to perform the same tasks via easy-to-use...

Most companies don't want to talk about their supply chains and risk management in the same sentence, let alone bring this topic to the boardroom. Why? Because, as a recent Harvard Business Review (HBR) article points out, "suppliers tend to be optimistic about the information they provide," while companies looking to bolster their bottom lines without breaking the budget are often...

Data breaches are on the rise. According to a recent Forbes article, more than 675 million records were compromised last year. What's more, these breaches weren't limited to a single sector: retail, financial and even post-secondary institutions were all victimized. That means IT security must evolve, and that evolution starts with the Chief Information Security Officer (CISO).
In a new...

Cybersecurity is now a top priority for board members. According to Help Net Security's report on a recent NYSE Governance Services/Veracode survey, over 80 percent of respondents said security was discussed at "most or all" boardroom meetings. But there's a disconnect: Sixty-six percent of those surveyed said they were "not fully confident their companies are properly...

Discovering vulnerabilities is an essential part of effective security testing; companies pay good money for services to accomplish this goal with rigor and precision. Many enterprises now offer "bug bounties" to encourage white-hat hackers to deliberately penetrate systems and then report the results. One such independent security researcher is Chris Roberts, a cybersecurity consultant...

What's in a name? If you're talking about the emerging idea of DevOps, then there's an easy answer: everything.
As noted by Forbes, there's no single definition of the term; however, according to Adam Jacob, CTO of Chef Software, "DevOps is the experience of people who are using it to transform their businesses." In other words, the name means different things to...

What is Cross-Site Request Forgery (CSRF)? More importantly, how can your business take action against it? Here's everything you need to know about this threat, its potential impact and your best defense.
Cross-Site Basics
CSRF attacks are listed among the OWASP Top 10, but they are often overlooked in favor of Cross-Site Scripting (XSS) vulnerabilities, advanced malware or inherent software...

CISOs play a critical role keeping a company's most critical asset — data — safe from both internal and external threats. But they're now tasked with the job of mastering executive communication, so they can both engage other C-suite members and give them a practical understanding of cybersecurity risk.
As noted by CIO, "tension" between the CISO and other members of...
